Table of Contents

Why Use the VPN?

Using a VPN will put your Virtual Device and the computer you are accessing Corellium from (typically a desktop or laptop computer) on the same network. Common use cases for this are:

  • SSH access to the device.

  • Access your application via various TCP/IP or UDP ports and protocols from your desktop/laptop computer.

  • Kernel debugging.

  • Run a vmmio peripheral over TCP/IP on your local computer to feed stimuli data through a peripheral running locally on your computer into the Virtual Device for application and algorithm validation.


Important Notes

  • VPN will only establish connection if you have at least one device in your project that is in the ON state. If all your devices are OFF, or if you have no devices, the VPN will not establish a connection.

  • Currently, Tunnelblick is not supported for TAP VPNs on Big Sur. If you are a Mac user on Big Sur, you will need to use Viscosity.

  • If you are on an Individual Account, you only need to establish one VPN connection to your account, and that connection will work for all devices.

  • Running other VPNs may interfere with your Corellium VPN connection. If you are having trouble connecting to the Corellium VPN and are already running your own VPN, you may need to disable the other VPN and then reconnect to the Corellium VPN.


Local Network and Firewall Configuration

you still require a VPN connection to the device, it's going to be a bit more complicated because unfortunately, we have no way of knowing what our out-facing AWS IP is going to be and it's assigned dynamically.

You'd need to do the following:e

  1. Set up a static outgoing source IP.

  2. Enable all ports above 1024 for UDP traffic for all AWS region "us-east-2" for the static source set in step1. IPv4 only

Here’s the code to get just ipv4:

curl https://ip-ranges.amazonaws.com/ip-ranges.json | jq -r '.prefixes[] | select(.region == "us-east-2") | .ip_prefix' for us-east-2 only

curl https://ip-ranges.amazonaws.com/ip-ranges.json | jq -r '.prefixes[] | select(.region|test("us-east-2")) | .ip_prefix' for all us regions

Here’s the code to get both ipv4 and ipv6:
curl https://ip-ranges.amazonaws.com/ip-ranges.json | jq -r 'to_entries[] | select(.key|contains("prefixes")).value | .[] | select(.region="us-east-2") | to_entries[] | select(.key|contains("prefix")).value' for us-east-2 only

curl https://ip-ranges.amazonaws.com/ip-ranges.json | jq -r 'to_entries[] | select(.key|contains("prefixes")).value | .[] | select(.region|test("us-")) | to_entries[] | select(.key|contains("prefix")).value' for all us regions

And to get the number of rows returned, you wrap the whole jq command in [ and ] then add | length to the end. For example:

[email protected] ~ % curl https://ip-ranges.amazonaws.com/ip-ranges.json | jq -r '[to_entries[] | select(.key|contains("prefixes")).value | .[] | select(.region|test("us-")) | to_entries[] | select(.key|contains("prefix")).value] | length' % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 1220k 100 1220k 0 0 4084k 0 --:--:-- --:--:-- --:--:-- 4194k 3013




How to Connect with macOS

Installing Tunnelblick for macOS

  1. Download the appropriate version of Tunnelblick for your machine from tunnelblick.net/downloads.html.

  2. Navigate to tunnelblick.net/cInstall.html and follow the instructions to install Tunnelblick.

  3. Navigate to tunnelblick.net/cKextsInstallation.html to install the system extensions for Tunnelblick.

Connecting via Tunnelblick

  1. First, click on your device.

  2. Click CONNECT and then DOWNLOAD OVPN FILE.

  3. Add the VPN Configuration file to Tunnelblick by dragging the file over the Tunnelblick Application Icon. Navigate to tunnelblick.net/cInstallConfigurations.html for detailed instructions.

  4. Click the TunnelBlick icon, then “Connect ...”

  5. The text will turn green, and you are now connected to the VPN!


How to Connect with Windows OS

Installing OpenVPN on Windows OS

  1. Install the appropriate version of OpenVPN for your machine from this URL.

  2. Double-click the downloaded file, then click Install Now.

  3. The OpenVPN GUI icon should appear in the taskbar by the clock.

Connecting via OpenVPN

  1. First, click on your device.

  2. Click CONNECT and then DOWNLOAD OVPN FILE.

  3. Right-click on the OpenVPN GUI icon in the taskbar and select Import → Import File.

  4. Then, select the downloaded OVPN file.

  5. Right-click on the OpenVPN GUI icon in the taskbar and select Connect.

  6. This window will appear, and it will close when OpenVPN has connected to the device.


How to Connect with Linux

Installing OpenVPN on Ubuntu

  1. Install a fresh copy of the LTS version of Ubuntu then install all system updates. We will use 20.04 for this example.

  2. Install dependencies using:

    sudo apt install libssl-dev liblzo2-dev libpam0g-dev

  3. Download the most recent version of OpenVPN from the Community Downloads page. We will use the gzipped tarball file for version 2.5.6 (found here).

  4. From the home folder, extract the file.

    tar -xvf ~/Downloads/openvpn-2.5.6.tar.gz

  5. Change to the OpenVPN program directory.

    cd openvpn-2.5.6/

  6. Configure, make, and install.

    ./configure
    make
    sudo make install

Connecting via OpenVPN

  1. First, click on your device.

  2. Click CONNECT and then DOWNLOAD OVPN FILE.

  3. Connect to your device using the openvpn --config <config_file> command. For example, if you are using the default filename in the default project, use:

    sudo openvpn --config ~/Downloads/corellium.com\ VPN\ -\ Default\ Project.ovpn
  4. You should see the following lines in the console response confirming the VPN is set up.

    TUN/TAP device tap0 opened
    ...
    net_iface_up: set tap0 up
    ...
    Initialization Sequence Completed


Checking Your Connection

  1. Open a terminal window and ssh into your device, check out our Connect to a Virtual Device via SSH article for instructions.

  2. Create a new directory in the root folder called testdir.

    mkdir testdir

  3. Type the ls command in the console, If you see testdir in the list of directories your VPN is connected.

So, now that you have connected the VPN to your own host network - you can SSH to the device or access the web server.


Troubleshooting Tips

  1. If you see an error stating read UPD [ECONNREFUSED]: Connection refused (code=111), you need to turn on a virtual device. VPN connections are not possible if all project devices are turned off.

  2. If you're having trouble connecting, try re-installing your VPN Profile.

  3. Make sure you're connecting to the right profile for your project, and that at least one device in your project is On.

  4. Close any other VPNs.

  5. Check that your network doesn't have a firewall preventing your connection. Learn more about configuring Windows Defender Firewall.


NEED TO ADD THIS CONTENT TO THE ARTICLE

To connect to VPN, you will need to have a VPN client installed. If you don't already have a VPN client, we recommend Viscosity. The VPN software must support TAP mode. Once your VPN client is installed, you can simply download the OpenVPN configuration file from the Connect tab and install it to configure your VPN.

Important Notes

  • VPN will only establish connection if you have at least one device in your project that is in the ON state. If all your devices are Off, or if you have no devices, the VPN will not establish connection.

  • Currently, Tunnelblick is not supported for TAP VPNs on Big Sur. If you are a Mac user on Big Sur, you will need to use Viscosity.

  • If you are on an Individual Account, you only need to establish one VPN connection to your account, and that connection will work for all devices.

  • Running other VPNs may interfere with your Corellium VPN connection. If you are having trouble connecting to the Corellium VPN and are already running your own VPN, you may need to disable the other VPN and then reconnect to the Corellium VPN.

Troubleshooting Tips

  • If you're having trouble connecting, try re-installing your VPN Profile.

  • Make sure you're connecting to the right profile for your project, and that at least one device in your project is On.

  • Close any other VPNs.

  • Check that your network doesn't have a firewall preventing your connection. Learn more about configuring Windows Defender Firewall.




Did this answer your question?